| VID |
22742 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of WordPress software which is older than version 4.6.1 is detected as installed on the host. WordPress is a freely available PHP-based publication program that uses a MySQL backend database. WordPress versions prior to 4.6.1 are vulnerable to multiple vulnerabilities.
- A cross-site scripting vulnerability (XSS) exists when handling file names of uploaded images due to improper validation of input before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2016-7168)
- A path traversal vulnerability exists in the WordPress upgrade package uploader due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to impact confidentiality, integrity, and availability. (CVE-2016-7169)
* Note: This check solely relied on the version number of the WordPress software installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
https://codex.wordpress.org/Version_4.6.1
* Platforms affected:
WordPress versions prior to 4.6.1
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of WordPress (4.6.1 or later), available from the WordPress Download Web site at http://wordpress.org/download/ |
| Related URL |
CVE-2016-7168,CVE-2016-7169 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
